Out-of-Bounds Read Vulnerability in Eclipse Foundation NetX Duo
CVE-2025-55081

CVSS v4: 6.9 (MEDIUM)

Key Information:

Vendor: Eclipse Foundation
CVE Published: 15 October 2025

What is CVE-2025-55081?

In Eclipse Foundation NetX Duo (part of Eclipse ThreadX) versions before 6.4.4, the _nx_secure_tls_process_clienthello() function did not verify that the cipher suite length and the compression method length fields of a TLS ClientHello message fit within the received message. A remote attacker who can reach the TLS server can send a crafted ClientHello whose length fields point past the end of the buffer, causing the parser to read out of bounds. Because the ClientHello is the first message of the handshake, no authentication or prior session is required.
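The following C program is an added illustration, not NetX Duo's code. It shows the bug class described above on a minimal ClientHello body parser: one version trusts the peer-supplied cipher_suites and compression_methods length fields and walks them (the pattern the advisory describes), the other checks every length against the bytes actually remaining before using it. The struct and function names (clienthello_t, build_hello, clienthello_parse_unchecked, clienthello_parse_checked) are hypothetical; the message layout follows RFC 5246 and the sample bytes are constructed. The unchecked parser is run against a large zeroed backing buffer only so that the demonstration itself stays in bounds; the cursor it returns beyond the message length is the out-of-bounds read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical output record: where the variable-length fields sit. */
typedef struct {
    size_t cipher_suites_off, cipher_suites_len;
    size_t comp_methods_off,  comp_methods_len;
} clienthello_t;

/* Builds a constructed ClientHello body (RFC 5246 layout, after the 4-byte
 * handshake header): legacy_version, random, session_id, cipher_suites,
 * compression_methods. Both length fields are parameters so the caller can
 * make them lie about the real payload. Returns the body length (43 here). */
size_t build_hello(uint8_t *out, uint16_t cs_len_field, uint8_t cm_len_field)
{
    size_t n = 0;
    out[n++] = 0x03; out[n++] = 0x03;            /* legacy_version = TLS 1.2 */
    memset(out + n, 0xAA, 32); n += 32;          /* random (constructed, fixed bytes) */
    out[n++] = 0;                                /* session_id length = 0 */
    out[n++] = (uint8_t)(cs_len_field >> 8);     /* cipher_suites length, 2 bytes */
    out[n++] = (uint8_t)(cs_len_field & 0xFF);
    out[n++] = 0x13; out[n++] = 0x01;            /* TLS_AES_128_GCM_SHA256 */
    out[n++] = 0x13; out[n++] = 0x02;            /* TLS_AES_256_GCM_SHA384 */
    out[n++] = cm_len_field;                     /* compression_methods length */
    out[n++] = 0x00;                             /* null compression */
    return n;
}

/* Vulnerable pattern: trusts the length fields and never compares them to
 * 'len'. Returns the cursor after compression_methods; any value beyond
 * 'len' is data read or skipped past the end of the message. 'buf' must
 * point into a zeroed backing array of at least 64 KiB + 1 KiB. */
size_t clienthello_parse_unchecked(const uint8_t *buf, size_t len, clienthello_t *out)
{
    size_t off = 2 + 32;                         /* skip version and random */
    off += 1 + buf[off];                         /* skip session_id */
    out->cipher_suites_len = ((size_t)buf[off] << 8) | buf[off + 1];
    out->cipher_suites_off = off + 2;
    off += 2 + out->cipher_suites_len;           /* attacker-chosen jump */
    out->comp_methods_len = buf[off];            /* reads past the message if the jump was large */
    out->comp_methods_off = off + 1;
    off += 1 + out->comp_methods_len;
    (void)len;                                   /* the unchecked code never looks at it */
    return off;
}

/* Hardened version: each length is validated against the remaining bytes
 * before it is used. Returns bytes consumed, or -1 on a malformed message. */
int clienthello_parse_checked(const uint8_t *buf, size_t len, clienthello_t *out)
{
    if (len < 2 + 32 + 1) return -1;
    size_t off = 2 + 32;
    size_t sid_len = buf[off++];
    if (sid_len > 32 || sid_len > len - off) return -1;
    off += sid_len;
    if (len - off < 2) return -1;
    size_t cs_len = ((size_t)buf[off] << 8) | buf[off + 1];
    off += 2;
    /* non-empty, whole 2-byte suites, and it must fit in the message */
    if (cs_len < 2 || (cs_len & 1) || cs_len > len - off) return -1;
    out->cipher_suites_off = off; out->cipher_suites_len = cs_len;
    off += cs_len;
    if (len - off < 1) return -1;
    size_t cm_len = buf[off++];
    /* at least the null method, and it must fit in the message */
    if (cm_len < 1 || cm_len > len - off) return -1;
    out->comp_methods_off = off; out->comp_methods_len = cm_len;
    off += cm_len;
    return (int)off;                             /* extensions, if any, follow here */
}

/* Demo helpers: the same constructed message through both parsers. */
size_t demo_unchecked(uint16_t cs_len_field, uint8_t cm_len_field)
{
    static uint8_t backing[65536 + 1024];        /* covers any 16-bit jump */
    clienthello_t h;
    memset(backing, 0, sizeof backing);
    size_t len = build_hello(backing, cs_len_field, cm_len_field);
    return clienthello_parse_unchecked(backing, len, &h);
}

int demo_checked(uint16_t cs_len_field, uint8_t cm_len_field)
{
    uint8_t buf[64];
    clienthello_t h;
    size_t len = build_hello(buf, cs_len_field, cm_len_field);
    return clienthello_parse_checked(buf, len, &h);
}

int main(void)
{
    printf("valid hello:          unchecked cursor %zu, checked %d\n",
           demo_unchecked(0x0004, 0x01), demo_checked(0x0004, 0x01));
    printf("cipher_suites=65535:  unchecked cursor %zu, checked %d\n",
           demo_unchecked(0xFFFF, 0x01), demo_checked(0xFFFF, 0x01));
    printf("comp_methods=255:     unchecked cursor %zu, checked %d\n",
           demo_unchecked(0x0004, 0xFF), demo_checked(0x0004, 0xFF));
    return 0;
}
```

With the honest 43-byte message both parsers agree on 43 bytes consumed. With cipher_suites length set to 65535 the unchecked parser's cursor lands at 65573, tens of kilobytes past the message, and its compression-method length is read from there; with compression_methods length set to 255 it lands at 297. The checked parser rejects both before touching any byte outside the message, which is the check the fixed release adds in spirit: compare each length field to what is left, not to what the peer claims.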

Affected Version(s)

NetX Duo, all versions before 6.4.4

CVSS v4

Score: 6.9
Severity: MEDIUM
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Timeline

  • Vulnerability reserved

  • Vulnerability published: 15 October 2025

Credit

Ilja van Sprundel
Justin-Stauffer